Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / e4824e8af0f46bd9723750e045401de65741bbe9 / . / ssl / d1_both.c
blob: 9081e4ba4c12d0c94f00a12c12a6cd72b7de5124 [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1/*
2 * DTLS implementation written by Nagendra Modadugu
3 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
4 */
5/* ====================================================================
6 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * openssl-core@openssl.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
59 * All rights reserved.
60 *
61 * This package is an SSL implementation written
62 * by Eric Young (eay@cryptsoft.com).
63 * The implementation was written so as to conform with Netscapes SSL.
64 *
65 * This library is free for commercial and non-commercial use as long as
66 * the following conditions are aheared to. The following conditions
67 * apply to all code found in this distribution, be it the RC4, RSA,
68 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
69 * included with this distribution is covered by the same copyright terms
70 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
71 *
72 * Copyright remains Eric Young's, and as such any Copyright notices in
73 * the code are not to be removed.
74 * If this package is used in a product, Eric Young should be given attribution
75 * as the author of the parts of the library used.
76 * This can be in the form of a textual message at program startup or
77 * in documentation (online or textual) provided with the package.
78 *
79 * Redistribution and use in source and binary forms, with or without
80 * modification, are permitted provided that the following conditions
81 * are met:
82 * 1. Redistributions of source code must retain the copyright
83 * notice, this list of conditions and the following disclaimer.
84 * 2. Redistributions in binary form must reproduce the above copyright
85 * notice, this list of conditions and the following disclaimer in the
86 * documentation and/or other materials provided with the distribution.
87 * 3. All advertising materials mentioning features or use of this software
88 * must display the following acknowledgement:
89 * "This product includes cryptographic software written by
90 * Eric Young (eay@cryptsoft.com)"
91 * The word 'cryptographic' can be left out if the rouines from the library
92 * being used are not cryptographic related :-).
93 * 4. If you include any Windows specific code (or a derivative thereof) from
94 * the apps directory (application code) you must include an acknowledgement:
95 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
96 *
97 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
98 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
99 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
100 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
101 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
102 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
103 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
104 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
105 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
106 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
107 * SUCH DAMAGE.
108 *
109 * The licence and distribution terms for any publically available version or
110 * derivative of this code cannot be changed. i.e. this code cannot simply be
111 * copied and put under another distribution licence
112 * [including the GNU Public Licence.] */
113
114#include <assert.h>
115#include <limits.h>
116#include <stdio.h>
117#include <string.h>
118
119#include <openssl/buf.h>
120#include <openssl/err.h>
121#include <openssl/evp.h>
122#include <openssl/mem.h>
123#include <openssl/obj.h>
124#include <openssl/rand.h>
125#include <openssl/x509.h>
126
127#include "ssl_locl.h"
128
129#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
130
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]131#define RSMBLY_BITMASK_MARK(bitmask, start, end) \
132 { \
133 if ((end) - (start) <= 8) { \
134 long ii; \
135 for (ii = (start); ii < (end); ii++) \
136 bitmask[((ii) >> 3)] |= (1 << ((ii)&7)); \
137 } else { \
138 long ii; \
139 bitmask[((start) >> 3)] |= bitmask_start_values[((start)&7)]; \
140 for (ii = (((start) >> 3) + 1); ii < ((((end)-1)) >> 3); ii++) \
141 bitmask[ii] = 0xff; \
142 bitmask[(((end)-1) >> 3)] |= bitmask_end_values[((end)&7)]; \
143 } \
144 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]145
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]146#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) \
147 { \
148 long ii; \
149 assert((msg_len) > 0); \
150 is_complete = 1; \
151 if (bitmask[(((msg_len)-1) >> 3)] != bitmask_end_values[((msg_len)&7)]) \
152 is_complete = 0; \
153 if (is_complete) \
154 for (ii = (((msg_len)-1) >> 3) - 1; ii >= 0; ii--) \
155 if (bitmask[ii] != 0xff) { \
156 is_complete = 0; \
157 break; \
158 } \
159 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]160
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]161static const uint8_t bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8,
162 0xf0, 0xe0, 0xc0, 0x80};
163static const uint8_t bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07,
164 0x0f, 0x1f, 0x3f, 0x7f};
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]165
166/* XDTLS: figure out the right values */
David Benjamincff64722014-08-19 19:54:46 -0400[diff] [blame]167static const unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]168
169static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]170static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
171 unsigned long frag_len);
172static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]173static long dtls1_get_message_fragment(SSL *s, int stn, long max, int *ok);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]174
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]175static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len,
176 int reassembly) {
177 hm_fragment *frag = NULL;
178 unsigned char *buf = NULL;
179 unsigned char *bitmask = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]180
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]181 frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
182 if (frag == NULL) {
183 return NULL;
184 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]185
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]186 if (frag_len) {
187 buf = (unsigned char *)OPENSSL_malloc(frag_len);
188 if (buf == NULL) {
189 OPENSSL_free(frag);
190 return NULL;
191 }
192 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]193
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]194 /* zero length fragment gets zero frag->fragment */
195 frag->fragment = buf;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]196
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]197 /* Initialize reassembly bitmask if necessary */
198 if (reassembly) {
199 bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
200 if (bitmask == NULL) {
201 if (buf != NULL) {
202 OPENSSL_free(buf);
203 }
204 OPENSSL_free(frag);
205 return NULL;
206 }
207 memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
208 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]209
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]210 frag->reassembly = bitmask;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]211
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]212 return frag;
213}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]214
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]215void dtls1_hm_fragment_free(hm_fragment *frag) {
216 if (frag->msg_header.is_ccs) {
217 EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
218 EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
219 }
220 if (frag->fragment) {
221 OPENSSL_free(frag->fragment);
222 }
223 if (frag->reassembly) {
224 OPENSSL_free(frag->reassembly);
225 }
226 OPENSSL_free(frag);
227}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]228
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]229/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
230 * SSL3_RT_CHANGE_CIPHER_SPEC) */
David Benjamine4824e82014-12-14 19:44:34 -0500[diff] [blame^]231int dtls1_do_write(SSL *s, int type) {
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]232 int ret;
233 int curr_mtu;
234 unsigned int len, frag_off, mac_size = 0, blocksize = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]235
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]236 /* AHA! Figure out the MTU, and stick to the right size */
237 if (s->d1->mtu < dtls1_min_mtu() &&
238 !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
239 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]240
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]241 /* I've seen the kernel return bogus numbers when it doesn't know
242 * (initial write), so just make sure we have a reasonable number */
243 if (s->d1->mtu < dtls1_min_mtu()) {
244 s->d1->mtu = 0;
245 s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
246 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, s->d1->mtu, NULL);
247 }
248 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]249
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]250 /* should have something reasonable now */
251 assert(s->d1->mtu >= dtls1_min_mtu());
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]252
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]253 if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) {
254 assert(s->init_num ==
255 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
256 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]257
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]258 if (s->write_hash &&
259 (s->enc_write_ctx == NULL ||
260 EVP_CIPHER_CTX_mode(s->enc_write_ctx) != EVP_CIPH_GCM_MODE)) {
261 mac_size = EVP_MD_CTX_size(s->write_hash);
262 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]263
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]264 if (s->enc_write_ctx &&
265 (EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE)) {
266 blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
267 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]268
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]269 frag_off = 0;
270 while (s->init_num) {
271 curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
272 DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]273
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]274 if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
275 /* grr.. we could get an error if MTU picked was wrong */
276 ret = BIO_flush(SSL_get_wbio(s));
277 if (ret <= 0) {
278 return ret;
279 }
280 curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
281 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]282
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]283 if (s->init_num > curr_mtu) {
284 len = curr_mtu;
285 } else {
286 len = s->init_num;
287 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]288
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]289 /* XDTLS: this function is too long. split out the CCS part */
290 if (type == SSL3_RT_HANDSHAKE) {
291 if (s->init_off != 0) {
292 assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
293 s->init_off -= DTLS1_HM_HEADER_LENGTH;
294 s->init_num += DTLS1_HM_HEADER_LENGTH;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]295
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]296 if (s->init_num > curr_mtu) {
297 len = curr_mtu;
298 } else {
299 len = s->init_num;
300 }
301 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]302
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]303 dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]304
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]305 dtls1_write_message_header(
306 s, (uint8_t *)&s->init_buf->data[s->init_off]);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]307
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]308 assert(len >= DTLS1_HM_HEADER_LENGTH);
309 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]310
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]311 ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len);
312 if (ret < 0) {
313 /* might need to update MTU here, but we don't know which previous packet
314 * caused the failure -- so can't really retransmit anything. continue
315 * as if everything is fine and wait for an alert to handle the
316 * retransmit. */
317 if (BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) {
318 s->d1->mtu =
319 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
320 } else {
321 return (-1);
322 }
323 } else {
324 /* bad if this assert fails, only part of the handshake message got sent.
325 * But why would this happen? */
326 assert(len == (unsigned int)ret);
327
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]328 if (ret == s->init_num) {
329 if (s->msg_callback) {
330 s->msg_callback(1, s->version, type, s->init_buf->data,
331 (size_t)(s->init_off + s->init_num), s,
332 s->msg_callback_arg);
333 }
334
335 s->init_off = 0; /* done writing this message */
336 s->init_num = 0;
337
338 return 1;
339 }
340 s->init_off += ret;
341 s->init_num -= ret;
342 frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
343 }
344 }
345
346 return 0;
347}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]348
349
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]350/* Obtain handshake message of message type 'mt' (any if mt == -1), maximum
351 * acceptable body length 'max'. Read an entire handshake message. Handshake
352 * messages arrive in fragments. */
353long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max,
354 int hash_message, int *ok) {
355 int i, al;
356 struct hm_header_st *msg_hdr;
357 uint8_t *p;
358 unsigned long msg_len;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]359
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]360 /* s3->tmp is used to store messages that are unexpected, caused
361 * by the absence of an optional handshake message */
362 if (s->s3->tmp.reuse_message) {
363 /* A SSL_GET_MESSAGE_DONT_HASH_MESSAGE call cannot be combined
364 * with reuse_message; the SSL_GET_MESSAGE_DONT_HASH_MESSAGE
365 * would have to have been applied to the previous call. */
366 assert(hash_message != SSL_GET_MESSAGE_DONT_HASH_MESSAGE);
367 s->s3->tmp.reuse_message = 0;
368 if (mt >= 0 && s->s3->tmp.message_type != mt) {
369 al = SSL_AD_UNEXPECTED_MESSAGE;
370 OPENSSL_PUT_ERROR(SSL, dtls1_get_message, SSL_R_UNEXPECTED_MESSAGE);
371 goto f_err;
372 }
373 *ok = 1;
374 s->init_msg = (uint8_t *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
375 s->init_num = (int)s->s3->tmp.message_size;
376 return s->init_num;
377 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]378
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]379 msg_hdr = &s->d1->r_msg_hdr;
380 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]381
382again:
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]383 i = dtls1_get_message_fragment(s, stn, max, ok);
384 if (i == DTLS1_HM_BAD_FRAGMENT ||
385 i == DTLS1_HM_FRAGMENT_RETRY) {
386 /* bad fragment received */
387 goto again;
388 } else if (i <= 0 && !*ok) {
389 return i;
390 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]391
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]392 p = (uint8_t *)s->init_buf->data;
393 msg_len = msg_hdr->msg_len;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]394
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]395 /* reconstruct message header */
396 *(p++) = msg_hdr->type;
397 l2n3(msg_len, p);
398 s2n(msg_hdr->seq, p);
399 l2n3(0, p);
400 l2n3(msg_len, p);
401 p -= DTLS1_HM_HEADER_LENGTH;
402 msg_len += DTLS1_HM_HEADER_LENGTH;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]403
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]404 s->init_msg = (uint8_t *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
David Benjamin590cbe92014-08-25 21:34:56 -0400[diff] [blame]405
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]406 if (hash_message != SSL_GET_MESSAGE_DONT_HASH_MESSAGE) {
407 ssl3_hash_current_message(s);
408 }
409 if (s->msg_callback) {
410 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, msg_len, s,
411 s->msg_callback_arg);
412 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]413
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]414 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]415
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]416 s->d1->handshake_read_seq++;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]417
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]418 return s->init_num;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]419
420f_err:
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]421 ssl3_send_alert(s, SSL3_AL_FATAL, al);
422 *ok = 0;
423 return -1;
424}
425
426static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr,
427 int max) {
428 size_t frag_off, frag_len, msg_len;
429
430 msg_len = msg_hdr->msg_len;
431 frag_off = msg_hdr->frag_off;
432 frag_len = msg_hdr->frag_len;
433
434 /* sanity checking */
435 if ((frag_off + frag_len) > msg_len) {
436 OPENSSL_PUT_ERROR(SSL, dtls1_preprocess_fragment,
437 SSL_R_EXCESSIVE_MESSAGE_SIZE);
438 return SSL_AD_ILLEGAL_PARAMETER;
439 }
440
441 if ((frag_off + frag_len) > (unsigned long)max) {
442 OPENSSL_PUT_ERROR(SSL, dtls1_preprocess_fragment,
443 SSL_R_EXCESSIVE_MESSAGE_SIZE);
444 return SSL_AD_ILLEGAL_PARAMETER;
445 }
446
447 if (s->d1->r_msg_hdr.frag_off == 0) {
448 /* first fragment */
449 /* msg_len is limited to 2^24, but is effectively checked
450 * against max above */
451 if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
452 OPENSSL_PUT_ERROR(SSL, dtls1_preprocess_fragment, ERR_R_BUF_LIB);
453 return SSL_AD_INTERNAL_ERROR;
454 }
455
456 s->s3->tmp.message_size = msg_len;
457 s->d1->r_msg_hdr.msg_len = msg_len;
458 s->s3->tmp.message_type = msg_hdr->type;
459 s->d1->r_msg_hdr.type = msg_hdr->type;
460 s->d1->r_msg_hdr.seq = msg_hdr->seq;
461 } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
462 /* They must be playing with us! BTW, failure to enforce
463 * upper limit would open possibility for buffer overrun. */
464 OPENSSL_PUT_ERROR(SSL, dtls1_preprocess_fragment,
465 SSL_R_EXCESSIVE_MESSAGE_SIZE);
466 return SSL_AD_ILLEGAL_PARAMETER;
467 }
468
469 return 0; /* no error */
470}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]471
472
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]473static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) {
474 /* (0) check whether the desired fragment is available
475 * if so:
476 * (1) copy over the fragment to s->init_buf->data[]
477 * (2) update s->init_num */
478 pitem *item;
479 hm_fragment *frag;
480 int al;
481 unsigned long frag_len;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]482
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]483 *ok = 0;
484 item = pqueue_peek(s->d1->buffered_messages);
485 if (item == NULL) {
486 return 0;
487 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]488
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]489 frag = (hm_fragment *)item->data;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]490
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]491 /* Don't return if reassembly still in progress */
492 if (frag->reassembly != NULL) {
493 return 0;
494 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]495
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]496 if (s->d1->handshake_read_seq != frag->msg_header.seq) {
497 return 0;
498 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]499
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]500 frag_len = frag->msg_header.frag_len;
501 pqueue_pop(s->d1->buffered_messages);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]502
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]503 al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]504
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]505 if (al == 0) {
506 /* no alert */
507 uint8_t *p = (uint8_t *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
508 memcpy(&p[frag->msg_header.frag_off], frag->fragment,
509 frag->msg_header.frag_len);
510 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]511
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]512 dtls1_hm_fragment_free(frag);
513 pitem_free(item);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]514
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]515 if (al == 0) {
516 *ok = 1;
517 return frag_len;
518 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]519
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]520 ssl3_send_alert(s, SSL3_AL_FATAL, al);
521 s->init_num = 0;
522 *ok = 0;
523 return -1;
524}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]525
Matt Caswell2306fe52014-06-06 14:25:52 -0700[diff] [blame]526/* dtls1_max_handshake_message_len returns the maximum number of bytes
527 * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but may
528 * be greater if the maximum certificate list size requires it. */
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]529static unsigned long dtls1_max_handshake_message_len(const SSL *s) {
530 unsigned long max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
531 if (max_len < (unsigned long)s->max_cert_list) {
532 return s->max_cert_list;
533 }
534 return max_len;
535}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]536
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]537static int dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr,
538 int *ok) {
539 hm_fragment *frag = NULL;
540 pitem *item = NULL;
541 int i = -1, is_complete;
542 uint8_t seq64be[8];
543 unsigned long frag_len = msg_hdr->frag_len;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]544
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]545 if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
546 msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) {
547 goto err;
548 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]549
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]550 if (frag_len == 0) {
551 return DTLS1_HM_FRAGMENT_RETRY;
552 }
Adam Langleye951ff42014-06-06 14:30:33 -0700[diff] [blame]553
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]554 /* Try to find item in queue */
555 memset(seq64be, 0, sizeof(seq64be));
556 seq64be[6] = (uint8_t)(msg_hdr->seq >> 8);
557 seq64be[7] = (uint8_t)msg_hdr->seq;
558 item = pqueue_find(s->d1->buffered_messages, seq64be);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]559
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]560 if (item == NULL) {
561 frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
562 if (frag == NULL) {
563 goto err;
564 }
565 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
566 frag->msg_header.frag_len = frag->msg_header.msg_len;
567 frag->msg_header.frag_off = 0;
568 } else {
569 frag = (hm_fragment *)item->data;
570 if (frag->msg_header.msg_len != msg_hdr->msg_len) {
571 item = NULL;
572 frag = NULL;
573 goto err;
574 }
575 }
Adam Langleybed22142014-06-20 12:00:00 -0700[diff] [blame]576
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]577 /* If message is already reassembled, this must be a
578 * retransmit and can be dropped. In this case item != NULL and so frag
579 * does not need to be freed. */
580 if (frag->reassembly == NULL) {
581 uint8_t devnull[256];
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]582
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]583 assert(item != NULL);
584 while (frag_len) {
585 i = s->method->ssl_read_bytes(
586 s, SSL3_RT_HANDSHAKE, devnull,
587 frag_len > sizeof(devnull) ? sizeof(devnull) : frag_len, 0);
588 if (i <= 0) {
589 goto err;
590 }
591 frag_len -= i;
592 }
593 return DTLS1_HM_FRAGMENT_RETRY;
594 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]595
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]596 /* read the body of the fragment (header has already been read */
597 i = s->method->ssl_read_bytes(
598 s, SSL3_RT_HANDSHAKE, frag->fragment + msg_hdr->frag_off, frag_len, 0);
599 if ((unsigned long)i != frag_len) {
600 i = -1;
601 }
602 if (i <= 0) {
603 goto err;
604 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]605
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]606 RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
607 (long)(msg_hdr->frag_off + frag_len));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]608
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]609 RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
610 is_complete);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]611
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]612 if (is_complete) {
613 OPENSSL_free(frag->reassembly);
614 frag->reassembly = NULL;
615 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]616
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]617 if (item == NULL) {
618 item = pitem_new(seq64be, frag);
619 if (item == NULL) {
620 i = -1;
621 goto err;
622 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]623
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]624 item = pqueue_insert(s->d1->buffered_messages, item);
625 /* pqueue_insert fails iff a duplicate item is inserted.
626 * However, |item| cannot be a duplicate. If it were,
627 * |pqueue_find|, above, would have returned it and control
628 * would never have reached this branch. */
629 assert(item != NULL);
630 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]631
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]632 return DTLS1_HM_FRAGMENT_RETRY;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]633
634err:
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]635 if (frag != NULL && item == NULL) {
636 dtls1_hm_fragment_free(frag);
637 }
638 *ok = 0;
639 return i;
640}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]641
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]642static int dtls1_process_out_of_seq_message(SSL *s,
643 const struct hm_header_st *msg_hdr,
644 int *ok) {
645 int i = -1;
646 hm_fragment *frag = NULL;
647 pitem *item = NULL;
648 uint8_t seq64be[8];
649 unsigned long frag_len = msg_hdr->frag_len;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]650
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]651 if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len) {
652 goto err;
653 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]654
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]655 /* Try to find item in queue, to prevent duplicate entries */
656 memset(seq64be, 0, sizeof(seq64be));
657 seq64be[6] = (uint8_t)(msg_hdr->seq >> 8);
658 seq64be[7] = (uint8_t)msg_hdr->seq;
659 item = pqueue_find(s->d1->buffered_messages, seq64be);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]660
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]661 /* If we already have an entry and this one is a fragment,
662 * don't discard it and rather try to reassemble it. */
663 if (item != NULL && frag_len != msg_hdr->msg_len) {
664 item = NULL;
665 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]666
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]667 /* Discard the message if sequence number was already there, is
668 * too far in the future, already in the queue or if we received
669 * a FINISHED before the SERVER_HELLO, which then must be a stale
670 * retransmit. */
671 if (msg_hdr->seq <= s->d1->handshake_read_seq ||
672 msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
673 (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) {
674 uint8_t devnull[256];
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]675
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]676 while (frag_len) {
677 i = s->method->ssl_read_bytes(
678 s, SSL3_RT_HANDSHAKE, devnull,
679 frag_len > sizeof(devnull) ? sizeof(devnull) : frag_len, 0);
680 if (i <= 0) {
681 goto err;
682 }
683 frag_len -= i;
684 }
685 } else {
686 if (frag_len != msg_hdr->msg_len) {
687 return dtls1_reassemble_fragment(s, msg_hdr, ok);
688 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]689
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]690 if (frag_len > dtls1_max_handshake_message_len(s)) {
691 goto err;
692 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]693
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]694 frag = dtls1_hm_fragment_new(frag_len, 0);
695 if (frag == NULL) {
696 goto err;
697 }
Matt Caswell2306fe52014-06-06 14:25:52 -0700[diff] [blame]698
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]699 memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]700
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]701 if (frag_len) {
702 /* read the body of the fragment (header has already been read */
703 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, frag->fragment,
704 frag_len, 0);
705 if ((unsigned long)i != frag_len) {
706 i = -1;
707 }
708 if (i <= 0) {
709 goto err;
710 }
711 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]712
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]713 item = pitem_new(seq64be, frag);
714 if (item == NULL) {
715 goto err;
716 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]717
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]718 item = pqueue_insert(s->d1->buffered_messages, item);
719 /* pqueue_insert fails iff a duplicate item is inserted.
720 * However, |item| cannot be a duplicate. If it were,
721 * |pqueue_find|, above, would have returned it. Then, either
722 * |frag_len| != |msg_hdr->msg_len| in which case |item| is set
723 * to NULL and it will have been processed with
724 * |dtls1_reassemble_fragment|, above, or the record will have
725 * been discarded. */
726 assert(item != NULL);
727 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]728
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]729 return DTLS1_HM_FRAGMENT_RETRY;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]730
731err:
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]732 if (frag != NULL && item == NULL) {
733 dtls1_hm_fragment_free(frag);
734 }
735 *ok = 0;
736 return i;
737}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]738
739
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]740static long dtls1_get_message_fragment(SSL *s, int stn, long max, int *ok) {
741 uint8_t wire[DTLS1_HM_HEADER_LENGTH];
742 unsigned long len, frag_off, frag_len;
743 int i, al;
744 struct hm_header_st msg_hdr;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]745
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]746redo:
747 /* see if we have the required fragment already */
748 if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) {
749 if (*ok) {
750 s->init_num = frag_len;
751 }
752 return frag_len;
753 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]754
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]755 /* read handshake message header */
756 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
757 DTLS1_HM_HEADER_LENGTH, 0);
758 if (i <= 0) {
759 /* nbio, or an error */
760 s->rwstate = SSL_READING;
761 *ok = 0;
762 return i;
763 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]764
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]765 /* Handshake fails if message header is incomplete */
766 if (i != DTLS1_HM_HEADER_LENGTH) {
767 al = SSL_AD_UNEXPECTED_MESSAGE;
768 OPENSSL_PUT_ERROR(SSL, dtls1_get_message_fragment,
769 SSL_R_UNEXPECTED_MESSAGE);
770 goto f_err;
771 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]772
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]773 /* parse the message fragment header */
774 dtls1_get_message_header(wire, &msg_hdr);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]775
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]776 /* if this is a future (or stale) message it gets buffered
777 * (or dropped)--no further processing at this time. */
778 if (msg_hdr.seq != s->d1->handshake_read_seq) {
779 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
780 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]781
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]782 len = msg_hdr.msg_len;
783 frag_off = msg_hdr.frag_off;
784 frag_len = msg_hdr.frag_len;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]785
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]786 if (frag_len && frag_len < len) {
787 return dtls1_reassemble_fragment(s, &msg_hdr, ok);
788 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]789
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]790 if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
791 wire[0] == SSL3_MT_HELLO_REQUEST) {
792 /* The server may always send 'Hello Request' messages --
793 * we are doing a handshake anyway now, so ignore them
794 * if their format is correct. Does not count for
795 * 'Finished' MAC. */
796 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
797 if (s->msg_callback) {
798 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, wire,
799 DTLS1_HM_HEADER_LENGTH, s, s->msg_callback_arg);
800 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]801
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]802 s->init_num = 0;
803 goto redo;
804 } else {
805 /* Incorrectly formated Hello request */
806 al = SSL_AD_UNEXPECTED_MESSAGE;
807 OPENSSL_PUT_ERROR(SSL, dtls1_get_message_fragment,
808 SSL_R_UNEXPECTED_MESSAGE);
809 goto f_err;
810 }
811 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]812
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]813 if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max))) {
814 goto f_err;
815 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]816
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]817 /* XDTLS: ressurect this when restart is in place */
818 s->state = stn;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]819
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]820 if (frag_len > 0) {
821 uint8_t *p = (uint8_t *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]822
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]823 i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[frag_off], frag_len,
824 0);
825 /* XDTLS: fix this--message fragments cannot span multiple packets */
826 if (i <= 0) {
827 s->rwstate = SSL_READING;
828 *ok = 0;
829 return i;
830 }
831 } else {
832 i = 0;
833 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]834
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]835 /* XDTLS: an incorrectly formatted fragment should cause the
836 * handshake to fail */
837 if (i != (int)frag_len) {
838 al = SSL3_AD_ILLEGAL_PARAMETER;
839 OPENSSL_PUT_ERROR(SSL, dtls1_get_message_fragment,
840 SSL3_AD_ILLEGAL_PARAMETER);
841 goto f_err;
842 }
843
844 *ok = 1;
845
846 /* Note that s->init_num is *not* used as current offset in
847 * s->init_buf->data, but as a counter summing up fragments'
848 * lengths: as soon as they sum up to handshake packet
849 * length, we assume we have got all the fragments. */
850 s->init_num = frag_len;
851 return frag_len;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]852
853f_err:
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]854 ssl3_send_alert(s, SSL3_AL_FATAL, al);
855 s->init_num = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]856
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]857 *ok = 0;
858 return -1;
859}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]860
861/* for these 2 messages, we need to
862 * ssl->enc_read_ctx re-init
863 * ssl->s3->read_sequence zero
864 * ssl->s3->read_mac_secret re-init
865 * ssl->session->read_sym_enc assign
866 * ssl->session->read_compression assign
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]867 * ssl->session->read_hash assign */
868int dtls1_send_change_cipher_spec(SSL *s, int a, int b) {
869 uint8_t *p;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]870
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]871 if (s->state == a) {
872 p = (uint8_t *)s->init_buf->data;
873 *p++ = SSL3_MT_CCS;
874 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
875 s->init_num = DTLS1_CCS_HEADER_LENGTH;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]876
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]877 s->init_off = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]878
David Benjamin16d031a2014-12-14 18:52:44 -0500[diff] [blame]879 dtls1_set_message_header(s, SSL3_MT_CCS, 0, s->d1->handshake_write_seq, 0,
880 0);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]881
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]882 /* buffer the message to handle re-xmits */
883 dtls1_buffer_message(s, 1);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]884
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]885 s->state = b;
886 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]887
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]888 /* SSL3_ST_CW_CHANGE_B */
David Benjamine4824e82014-12-14 19:44:34 -0500[diff] [blame^]889 return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]890}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]891
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]892int dtls1_read_failed(SSL *s, int code) {
893 if (code > 0) {
894 fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
895 return 1;
896 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]897
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]898 if (!dtls1_is_timer_expired(s)) {
899 /* not a timeout, none of our business, let higher layers handle this. In
900 * fact, it's probably an error */
901 return code;
902 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]903
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]904 if (!SSL_in_init(s)) {
905 /* done, no need to send a retransmit */
906 BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
907 return code;
908 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]909
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]910 return dtls1_handle_timeout(s);
911}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]912
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]913int dtls1_get_queue_priority(unsigned short seq, int is_ccs) {
914 /* The index of the retransmission queue actually is the message sequence
915 * number, since the queue only contains messages of a single handshake.
916 * However, the ChangeCipherSpec has no message sequence number and so using
917 * only the sequence will result in the CCS and Finished having the same
918 * index. To prevent this, the sequence number is multiplied by 2. In case of
919 * a CCS 1 is subtracted. This does not only differ CSS and Finished, it also
920 * maintains the order of the index (important for priority queues) and fits
921 * in the unsigned short variable. */
922 return seq * 2 - is_ccs;
923}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]924
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]925int dtls1_retransmit_buffered_messages(SSL *s) {
926 pqueue sent = s->d1->sent_messages;
927 piterator iter;
928 pitem *item;
929 hm_fragment *frag;
930 int found = 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]931
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]932 iter = pqueue_iterator(sent);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]933
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]934 for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) {
935 frag = (hm_fragment *)item->data;
936 if (dtls1_retransmit_message(
937 s, (unsigned short)dtls1_get_queue_priority(
938 frag->msg_header.seq, frag->msg_header.is_ccs),
939 0, &found) <= 0 &&
940 found) {
941 fprintf(stderr, "dtls1_retransmit_message() failed\n");
942 return -1;
943 }
944 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]945
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]946 return 1;
947}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]948
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]949int dtls1_buffer_message(SSL *s, int is_ccs) {
950 pitem *item;
951 hm_fragment *frag;
952 uint8_t seq64be[8];
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]953
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]954 /* this function is called immediately after a message has
955 * been serialized */
956 assert(s->init_off == 0);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]957
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]958 frag = dtls1_hm_fragment_new(s->init_num, 0);
959 if (!frag) {
960 return 0;
961 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]962
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]963 memcpy(frag->fragment, s->init_buf->data, s->init_num);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]964
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]965 if (is_ccs) {
966 assert(s->d1->w_msg_hdr.msg_len + DTLS1_CCS_HEADER_LENGTH ==
967 (unsigned int)s->init_num);
968 } else {
969 assert(s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH ==
970 (unsigned int)s->init_num);
971 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]972
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]973 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
974 frag->msg_header.seq = s->d1->w_msg_hdr.seq;
975 frag->msg_header.type = s->d1->w_msg_hdr.type;
976 frag->msg_header.frag_off = 0;
977 frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
978 frag->msg_header.is_ccs = is_ccs;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]979
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]980 /* save current state*/
981 frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
982 frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
983 frag->msg_header.saved_retransmit_state.session = s->session;
984 frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]985
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]986 memset(seq64be, 0, sizeof(seq64be));
987 seq64be[6] = (uint8_t)(
988 dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs) >>
989 8);
990 seq64be[7] = (uint8_t)(
991 dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]992
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]993 item = pitem_new(seq64be, frag);
994 if (item == NULL) {
995 dtls1_hm_fragment_free(frag);
996 return 0;
997 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]998
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]999 pqueue_insert(s->d1->sent_messages, item);
1000 return 1;
1001}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1002
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1003int dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
1004 int *found) {
1005 int ret;
1006 /* XDTLS: for now assuming that read/writes are blocking */
1007 pitem *item;
1008 hm_fragment *frag;
1009 unsigned long header_length;
1010 uint8_t seq64be[8];
1011 struct dtls1_retransmit_state saved_state;
1012 uint8_t save_write_sequence[8];
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1013
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1014 /* assert(s->init_num == 0);
1015 assert(s->init_off == 0); */
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1016
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1017 /* XDTLS: the requested message ought to be found, otherwise error */
1018 memset(seq64be, 0, sizeof(seq64be));
1019 seq64be[6] = (uint8_t)(seq >> 8);
1020 seq64be[7] = (uint8_t)seq;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1021
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1022 item = pqueue_find(s->d1->sent_messages, seq64be);
1023 if (item == NULL) {
1024 fprintf(stderr, "retransmit: message %d non-existant\n", seq);
1025 *found = 0;
1026 return 0;
1027 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1028
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1029 *found = 1;
1030 frag = (hm_fragment *)item->data;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1031
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1032 if (frag->msg_header.is_ccs) {
1033 header_length = DTLS1_CCS_HEADER_LENGTH;
1034 } else {
1035 header_length = DTLS1_HM_HEADER_LENGTH;
1036 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1037
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1038 memcpy(s->init_buf->data, frag->fragment,
1039 frag->msg_header.msg_len + header_length);
1040 s->init_num = frag->msg_header.msg_len + header_length;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1041
David Benjamin16d031a2014-12-14 18:52:44 -0500[diff] [blame]1042 dtls1_set_message_header(s, frag->msg_header.type,
1043 frag->msg_header.msg_len, frag->msg_header.seq,
1044 0, frag->msg_header.frag_len);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1045
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1046 /* save current state */
1047 saved_state.enc_write_ctx = s->enc_write_ctx;
1048 saved_state.write_hash = s->write_hash;
1049 saved_state.session = s->session;
1050 saved_state.epoch = s->d1->w_epoch;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1051
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1052 /* restore state in which the message was originally sent */
1053 s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
1054 s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
1055 s->session = frag->msg_header.saved_retransmit_state.session;
1056 s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
1057
1058 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) {
1059 memcpy(save_write_sequence, s->s3->write_sequence,
1060 sizeof(s->s3->write_sequence));
1061 memcpy(s->s3->write_sequence, s->d1->last_write_sequence,
1062 sizeof(s->s3->write_sequence));
1063 }
1064
1065 ret = dtls1_do_write(s, frag->msg_header.is_ccs ? SSL3_RT_CHANGE_CIPHER_SPEC
David Benjamine4824e82014-12-14 19:44:34 -0500[diff] [blame^]1066 : SSL3_RT_HANDSHAKE);
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1067
1068 /* restore current state */
1069 s->enc_write_ctx = saved_state.enc_write_ctx;
1070 s->write_hash = saved_state.write_hash;
1071 s->session = saved_state.session;
1072 s->d1->w_epoch = saved_state.epoch;
1073
1074 if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1) {
1075 memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
1076 sizeof(s->s3->write_sequence));
1077 memcpy(s->s3->write_sequence, save_write_sequence,
1078 sizeof(s->s3->write_sequence));
1079 }
1080
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1081 (void)BIO_flush(SSL_get_wbio(s));
1082 return ret;
1083}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1084
1085/* call this function when the buffered messages are no longer needed */
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1086void dtls1_clear_record_buffer(SSL *s) {
1087 pitem *item;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1088
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1089 for (item = pqueue_pop(s->d1->sent_messages); item != NULL;
1090 item = pqueue_pop(s->d1->sent_messages)) {
1091 dtls1_hm_fragment_free((hm_fragment *)item->data);
1092 pitem_free(item);
1093 }
1094}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1095
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1096/* don't actually do the writing, wait till the MTU has been retrieved */
David Benjamin16d031a2014-12-14 18:52:44 -0500[diff] [blame]1097void dtls1_set_message_header(SSL *s, uint8_t mt, unsigned long len,
1098 unsigned short seq_num, unsigned long frag_off,
1099 unsigned long frag_len) {
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1100 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1101
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1102 msg_hdr->type = mt;
1103 msg_hdr->msg_len = len;
1104 msg_hdr->seq = seq_num;
1105 msg_hdr->frag_off = frag_off;
1106 msg_hdr->frag_len = frag_len;
1107}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1108
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1109static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
1110 unsigned long frag_len) {
1111 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1112
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1113 msg_hdr->frag_off = frag_off;
1114 msg_hdr->frag_len = frag_len;
1115}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1116
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1117static uint8_t *dtls1_write_message_header(SSL *s, uint8_t *p) {
1118 struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1119
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1120 *p++ = msg_hdr->type;
1121 l2n3(msg_hdr->msg_len, p);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1122
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1123 s2n(msg_hdr->seq, p);
1124 l2n3(msg_hdr->frag_off, p);
1125 l2n3(msg_hdr->frag_len, p);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1126
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1127 return p;
1128}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1129
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1130unsigned int dtls1_min_mtu(void) {
1131 return g_probable_mtu[(sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0])) -
1132 1];
1133}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1134
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1135static unsigned int dtls1_guess_mtu(unsigned int curr_mtu) {
1136 unsigned int i;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1137
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1138 if (curr_mtu == 0) {
1139 return g_probable_mtu[0];
1140 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1141
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1142 for (i = 0; i < sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0]); i++) {
1143 if (curr_mtu > g_probable_mtu[i]) {
1144 return g_probable_mtu[i];
1145 }
1146 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1147
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1148 return curr_mtu;
1149}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1150
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1151void dtls1_get_message_header(uint8_t *data,
1152 struct hm_header_st *msg_hdr) {
1153 memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
1154 msg_hdr->type = *(data++);
1155 n2l3(data, msg_hdr->msg_len);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1156
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1157 n2s(data, msg_hdr->seq);
1158 n2l3(data, msg_hdr->frag_off);
1159 n2l3(data, msg_hdr->frag_len);
1160}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1161
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1162void dtls1_get_ccs_header(uint8_t *data, struct ccs_header_st *ccs_hdr) {
1163 memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1164
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1165 ccs_hdr->type = *(data++);
1166}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1167
Adam Langley71d8a082014-12-13 16:28:18 -0800[diff] [blame]1168int dtls1_shutdown(SSL *s) {
1169 int ret;
1170 ret = ssl3_shutdown(s);
1171 return ret;
1172}